CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-32449
https://notcve.org/view.php?id=CVE-2023-32449
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks • https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32465
https://notcve.org/view.php?id=CVE-2023-32465
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. • https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28043
https://notcve.org/view.php?id=CVE-2023-28043
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. • https://www.dell.com/support/kbdoc/en-us/000214205/dsa-2023-164-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28066
https://notcve.org/view.php?id=CVE-2023-28066
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. • https://www.dell.com/support/kbdoc/en-us/000212575/dsa-2023-147 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25539
https://notcve.org/view.php?id=CVE-2023-25539
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. Dell NetWorker v19.6.1.2 contiene una vulnerabilidad de inyección de comandos del sistema operativo en el cliente NetWorker. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad, llevando a la ejecución de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicación, con los privilegios de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •